441 matches found

Patchstack
added 2024/11/25 9:36 p.m. | 2 views

WordPress InPost Gallery plugin <= 2.1.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via inpost_gallery_get_shortcode_template vulnerability

Authenticated (Subscriber+) Arbitrary Shortcode Execution via inpost_gallery_get_shortcode_template vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin InPost Gallery versions <= 2.1.4.2...

CVSS 6.3 | AI score 7.1 | EPSS 0.00269
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/11/23 12:15 p.m. | 9 views

CVE-2024-11034

The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via fire_contact_form AJAX action in all versions up to, and including, 1.4. This is due to the software...

CVSS 7.3 | EPSS 0.00807
Exploits: 0 | References: 4

Cvelist
added 2024/11/23 11:23 a.m. | 20 views

CVE-2024-11034 Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation <= 1.4 - Unauthenticated Arbitrary Shortcode Execution via fire_contact_form

The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via fire_contact_form AJAX action in all versions up to, and including, 1.4. This is due to the software...

CVSS 7.3 | EPSS 0.00807
Exploits: 0 | References: 4

CVE
added 2024/11/23 11:23 a.m. | 48 views

CVE-2024-11034

The CVE-2024-11034 entry concerns the WordPress plugin “Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation.” Connected sources confirm that all versions up to and including 1.4 are vulnerable to arbitrary shortcode execution via the...

CVSS 7.3 | AI score 7.4 | EPSS 0.00807
Exploits: 0 | References: 4

NVD
added 2024/11/20 7:15 a.m. | 9 views

CVE-2024-10899

The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it...

CVSS 7.3 | EPSS 0.00965
Exploits: 0 | References: 3

Vulnrichment
added 2024/11/20 6:42 a.m. | 7 views

CVE-2024-10899 WooCommerce Product Table Lite <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting

The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it...

CVSS 7.3 | AI score 6.9 | EPSS 0.00965
Exploits: 0 | References: 3

CVE
added 2024/11/20 6:42 a.m. | 52 views

CVE-2024-10899

CVE-2024-10899 affects WordPress plugin WooCommerce Product Table Lite up to version 3.8.6. It allows unauthenticated attackers to execute arbitrary shortcodes due to unvalidated input before do_shortcode, and the same id parameter is vulnerable to Reflected XSS. The remediation is to upgrade to ...

CVSS 7.3 | AI score 6.9 | EPSS 0.00965
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2024/11/20 6:42 a.m. | 17 views

CVE-2024-10899 WooCommerce Product Table Lite <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting

The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it...

CVSS 7.3 | EPSS 0.00965
Exploits: 0 | References: 3

Patchstack
added 2024/11/19 8:4 p.m. | 2 views

WordPress WooCommerce Product Table Lite plugin <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting vulnerability

Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WooCommerce Product Table Lite versions <= 3.8.6...

CVSS 7.3 | AI score 6.4 | EPSS 0.00965
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/11/19 11:15 a.m. | 19 views

CVE-2024-11038

The WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup plugin for WordPress is vulnerable to arbitrary shortcode execution via wpb_pcf_fire_contact_form AJAX action in all versions up to, and including, 1.7.5. This is due to the software allowing users to...

CVSS 7.3 | EPSS 0.01504
Exploits: 0 | References: 5

OSV
added 2024/11/19 11:15 a.m. | 2 views

CVE-2024-11038

The WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup plugin for WordPress is vulnerable to arbitrary shortcode execution via wpb_pcf_fire_contact_form AJAX action in all versions up to, and including, 1.7.5. This is due to the software allowing users to...

CVSS 7.3 | AI score 6.2 | EPSS 0.01504
Exploits: 0 | References: 5

CVE
added 2024/11/19 11:2 a.m. | 52 views

CVE-2024-11036

CVE-2024-11036 concerns the WordPress plugin GamiPress (

CVSS 9.8 | AI score 7.4 | EPSS 0.02477
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2024/11/19 11:2 a.m. | 75 views

CVE-2024-11038

The CVE-2024-11038 applies to the WordPress plugin WPB Popup for Contact Form 7 (1.7.5) as the corrective measure. If upgrading is not immediate, sources do not specify a separate workaround; the emphasis is on applying the patch to mitigate the risk. The EU/Red Hat entries corroborate the core v...

CVSS 7.3 | AI score 7.4 | EPSS 0.01504
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2024/11/19 11:2 a.m. | 16 views

CVE-2024-11038 WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup <= 1.7.5 - Unauthenticated Arbitrary Shortcode Execution via wpb_pcf_fire_contact_form

The WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup plugin for WordPress is vulnerable to arbitrary shortcode execution via wpb_pcf_fire_contact_form AJAX action in all versions up to, and including, 1.7.5. This is due to the software allowing users to...

CVSS 7.3 | AI score 7.6 | EPSS 0.01504
Exploits: 0 | References: 5

Patchstack
added 2024/11/19 1:5 a.m. | 3 views

WordPress WPB Popup for Contact Form 7 plugin <= 1.7.5 - Unauthenticated Arbitrary Shortcode Execution via wpb_pcf_fire_contact_form vulnerability

Unauthenticated Arbitrary Shortcode Execution via wpb_pcf_fire_contact_form vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WPB Popup for Contact Form 7 versions <= 1.7.5...

CVSS 7.3 | AI score 7.1 | EPSS 0.01504
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/11/16 4:15 a.m. | 12 views

CVE-2024-10262

The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.14. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible fo...

CVSS 6.3 | EPSS 0.00494
Exploits: 0 | References: 4

Vulnrichment
added 2024/11/16 3:20 a.m. | 12 views

CVE-2024-9839 Uix Slideshow <= 1.6.5 - Unauthenticated Arbitrary Shortcode Execution

The Uix Slideshow plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...

CVSS 7.3 | AI score 7.6 | EPSS 0.01233
Exploits: 0 | References: 2

CVE
added 2024/11/16 3:20 a.m. | 62 views

CVE-2024-9839

CVE-2024-9839 concerns the WordPress plugin Uix Slideshow. It is vulnerable to unauthenticated arbitrary shortcode execution in all versions up to and including 1.6.5, caused by executing an action that does not properly validate values before running do_shortcode. Connected sources collapse th...

CVSS 7.3 | AI score 7.4 | EPSS 0.01233
Exploits: 0 | References: 2

Cvelist
added 2024/11/16 3:20 a.m. | 13 views

CVE-2024-9839 Uix Slideshow <= 1.6.5 - Unauthenticated Arbitrary Shortcode Execution

The Uix Slideshow plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...

CVSS 7.3 | EPSS 0.01233
Exploits: 0 | References: 2

Vulnrichment
added 2024/11/16 3:20 a.m. | 10 views

CVE-2024-10262 Drop Shadow Boxes <= 1.7.14 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.14. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible fo...

CVSS 6.3 | AI score 7.3 | EPSS 0.00494
Exploits: 0 | References: 3